Multiple vulnerabilities in D-Link routers allow to take full control over the device without any user interaction through the Web interface. Verified affected devices: DWR-111, DWR-116, DIR-140L, DIR-640L, DWR-512, DWR-712, DWR-912, DWR-921 but the problem may be related to other as well.
Vulnerability in all new ASUS routers which allows to totally take over the device. Up to date of disclosure the vulnerability affected all new versions of ASUSWRT. Older versions were vulnerable too - see CVE-2017-15655.
An authenticated user (even the guest user) is able to execute arbitrary SQL code in ManageEngine Password Manager Pro before version 8.1 (build 8101). This allows the attacker to obtain superadmin priviledges and retrieve full access to all stored secrets.